Numerals in square brackets presented herebelow—[ ]—are keyed to the list of references found towards the close of the present disclosure.
Historically, static analysis tools have proven to be valuable in detecting software bugs in early development stages, e.g., at compilation time, and there have been a plethora of static analysis tools for various programming languages [3, 4, 9, 11, 14, 15, 19, 23, 25, 26] that can check a given piece of software against a set of invariants (properties). Many of these properties are language-independent (e.g., liveness properties such as deadlock-freeness, security properties such as complete mediation, etc.), thus it is desirable to make these tools available across all languages.
In addition, as software grows in size and complexity, it is not uncommon for a commercial software product to be written in multiple languages. For example, it is often necessary to mix C code in Java for improved performance. One would like to still be able to apply the same static analysis tools across the entire software, instead of the conventional segmented analysis approach where analyses are applied against only a subset of the code base.
Traditionally, people have approached this problem by porting the same analysis to different languages. This approach is not optimal: the porting efforts grow linearly with the number of new analyses, and the learning curve is steep for porting a tool to a new analysis engine.
Accordingly, a need has been recognized in connection with providing a language-neutral analysis framework, where one can plug and play various analysis algorithms without having to worry about which target language these analyses are developed for.